
I have a requirement to use user keys with passphrases on automated scripts. Is there a way I can give the passphrase to use to the SSH Tectia Client?

asked Feb 18 '10 at 09:46


SSH KB ♦


In some circumstances you may be required to use user keys with passphrases on automated scripts.

In these cases you may want to pre-load/cache the passphrases for your user keys using the ssh-broker-ctl command.

For more details of the command options please see the link below, and examples provided in this KB article.

http://www.ssh.com/support/documentation/online/ssh/winhelp/61/ssh-broker-ctl.html

First use the list-keys option to find the key ID:

If you get the following message it usually means that the broker isn't started:

[root@dhcp-pool62 ~]# ssh-broker-ctl list-keys -s
ssh-broker-ctl: Broker connection failed: Connect failed: No such file or directory(2)
/ Failed to connect to broker socket `/tmp/ssh-root/ssh-broker'. / Failed to connect to Broker..

If this is the case you can start the broker first:

[root@dhcp-pool62 ~]# ssh-broker-g3

Then re-run the "ssh-broker-ctl list-keys" command (if you have a lot of keys you may want to use the "short" -s option to limit the amount of data displayed about the keys):

[root@dhcp-pool62 ~]# ssh-broker-ctl list-keys -s
#1 fc77c742134d8f03245220ba36c743066d3157b2 ssh-dss /root/.ssh2/id_dsa_2048_a dsa 2048

Once you know the key number you can use it and the "key-passphrase" command to load the passphrases for the keys:

Note: If you would like to load all of your keys' passphrases you can use the --all option as shown in the ssh-broker-ctl man page link mentioned above.

*nix examples:

[root@dhcp-pool62 ~]# ssh-broker-ctl key-passphrase 1
Key label: 2048-bit dsa, root@dhcp-pool62.bos.us.ssh.com, Tue Dec 29 2009 12:01:47 -0800
File name: /root/.ssh2/id_dsa_2048_a
Passphrase for the private key: 
1 passphrase protected keys opened.

If you want to script the loading of the passphrases you would likely want to use the --passphrase-file option so that manual interaction is not needed. (Make sure the password files are in a secure location, only accessible to the intended user.)

[root@dhcp-pool62 ~]# ssh-broker-ctl key-passphrase 1 --passphrase-file=testpassphrase.txt
1 passphrase protected keys opened.

If you're not running the ssh-broker-ctl command from the same directory, simply use the full path.

[root@dhcp-pool62 etc]# ssh-broker-ctl key-passphrase 1 --passphrase-file=/root/testpassphrase.txt
1 passphrase protected keys opened.

Or you can use relative paths:

[root@dhcp-pool62 command]# ssh-broker-ctl key-passphrase 1 --passphrase-file=../passphrases/testpassphrase.txt
1 passphrase protected keys opened.

Windows examples:

In current directory:

C:\example>ssh-broker-ctl key-passphrase 1 --passphrase-file=passphrase.txt
1 passphrase protected keys opened.

Relative path:

C:\TEST>ssh-broker-ctl key-passphrase 1 --passphrase-file=..\example\passphrase.txt
1 passphrase protected keys opened.

Full Path:

C:\TEST>ssh-broker-ctl key-passphrase 1 --passphrase-file=C:\example\passphrase.txt
1 passphrase protected keys opened.

Now your connections using the passphrase-loaded user keys will not require user interaction when connections are made until the Tectia connection broker is closed, or the cache is cleared using the --clear option.


answered Feb 18 '10 at 09:50


SSH KB ♦
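As an added example (not part of the KB answer above), a small POSIX shell wrapper around the commands in the answer: it refuses a passphrase file that is not mode 0600 and owned by the caller, looks up the key number from "ssh-broker-ctl list-keys -s" output by key path instead of hard-coding "1", and starts the broker only if it is not reachable. The function names, the second listing line and the fingerprint in it are constructed for this example, not from the page.

```shell
#!/bin/sh
# Added example: unattended passphrase loading for SSH Tectia via ssh-broker-ctl.
# Assumes POSIX sh, a stat(1) that accepts GNU -c or BSD -f, and list-keys -s
# output in the format shown in the KB answer (#N fingerprint type path alg bits).

# Print the broker key number for a given private key path, or nothing if absent.
key_id_for_path() {
    # $1 = output of "ssh-broker-ctl list-keys -s", $2 = private key file path
    printf '%s\n' "$1" | awk -v path="$2" '$4 == path { sub(/^#/, "", $1); print $1; exit }'
}

# Succeed only if the passphrase file is a regular file, mode 0600, owned by us.
passphrase_file_is_secure() {
    f="$1"
    [ -f "$f" ] || return 1
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
    owner=$(stat -c '%u' "$f" 2>/dev/null || stat -f '%u' "$f" 2>/dev/null) || return 1
    [ "$mode" = "600" ] && [ "$owner" = "$(id -u)" ]
}

# Start the broker if needed, then cache the passphrase for one key (by path).
load_key_passphrase() {
    key_path="$1"; pass_file="$2"
    passphrase_file_is_secure "$pass_file" || {
        echo "refusing passphrase file with unsafe permissions: $pass_file" >&2; return 1; }
    # A failing list-keys usually means the broker is not running (see the KB answer).
    if ! listing=$(ssh-broker-ctl list-keys -s 2>/dev/null); then
        ssh-broker-g3 || return 1
        listing=$(ssh-broker-ctl list-keys -s) || return 1
    fi
    id=$(key_id_for_path "$listing" "$key_path")
    [ -n "$id" ] || { echo "key not registered with the broker: $key_path" >&2; return 1; }
    ssh-broker-ctl key-passphrase "$id" --passphrase-file="$pass_file"
}

# Constructed sample of list-keys -s output, so the parser can be tried offline.
# Line 1 is the KB example; line 2 and its fingerprint are made up for this example.
SAMPLE_LISTING='#1 fc77c742134d8f03245220ba36c743066d3157b2 ssh-dss /root/.ssh2/id_dsa_2048_a dsa 2048
#2 0123456789abcdef0123456789abcdef01234567 ssh-rsa /root/.ssh2/id_rsa_2048_b rsa 2048'

# Usage on a real host: load_key_passphrase /root/.ssh2/id_dsa_2048_a /root/testpassphrase.txt
```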

Last updated: Aug 19 '10 at 16:22